Hong Kong police have "disciplined" an undisclosed number of officers who logged onto an internal computer network to view images of a woman arrested on indecency charges for having sex on an apartment balcony, according to local media reports.
While the police told journalists that no crime had been committed, the case has raised public concerns over privacy and data protection in law enforcement.
Police said in comments quoted by the Chinese-language Ming Pao newspaper that the officers were unconnected to the case but had viewed the case files purely to check out the woman's appearance.
Officers had also screenshotted a video of the couple's encounter that went viral in June and shared the images on WhatsApp, the English-language South China Morning Post reported.
As many as 100 officers not involved in the case had logged on just to look at images of the woman, an internal investigation of login data revealed, it said.
The police told both papers that the investigation into the incident is now complete and that the offenders had received "appropriate disciplinary action," the papers reported.
The police force attaches great importance to the integrity of personnel, and will spare no effort to deepen its integrity management culture and prevent misconduct, the papers quoted them as saying.
An employee who responded to RFA's questions at the Office of the Privacy Commissioner on Monday said the agency doesn't comment on individual cases, but that "it is paying attention to developments" in the case.
They said any organization that collects, holds, processes or uses personal information must comply with Hong Kong's Personal Data (Privacy) Ordinance and other data protection regulations.
"Anyone who suspects their personal data privacy has been violated and can provide prima facie evidence may make inquiries or complaints to the Office of the Privacy Commissioner," the employee said.
Hong Kong barrister Albert Luk said he wasn't entirely sure that a crime hadn't been committed.
Luk said the officers who viewed the material could have committed "dishonest use of a computer," a criminal offense carrying a potential custodial sentence.
In April 2021, investigative journalist Bao Choy was found guilty of "improper searches" of an online car license database after she used the site to access number plate ownership records for her documentary on the July 21, 2019, mob attacks at the Yuen Long MTR station.
"If these other police officers weren't members of this investigation team, theoretically, they shouldn't be privy to the identity of the suspects, which is supposed to be kept secret," Luk told RFA.
However, he said it wasn't clear exactly how the officers managed to view the files.
"We can't be sure whether the police who did this tried to do it secretly, or whether it was all done openly," Luk said. "We don't know what channels they used."
Luk said the non-investigating officers could also be suspected of "misconduct in public office," but that the evidence released by the police didn't provide enough evidence to prosecute anyone.
He said the case shows that there are obvious loopholes in the way the police force stores personal data, however. "We may not have any real evidence that the police broke the law, it doesn't seem right, looking at it from outside," Luk said. "At the very least, it highlights a loophole in the system."
He recommended that police look at their own systems to plug any loopholes as soon as possible and to prevent similar incidents from happening again.
Curiosity as an excuse
Current affairs commentator Sang Pu, also a qualified lawyer, said "curiosity" was no excuse.
"The complaints and internal investigations section is using 'curiosity' as an excuse to claim that no criminal activity was involved," Sang told RFA. "But there are no exemptions for 'curiosity' in the laws of any country, including China."
"It's just unbelievable that they're using 'curiosity' as an excuse."
Sang agreed that the officers could have committed criminal offenses including the "dishonest use of computer," and "misconduct in public office."
"The impression I get is that the Hong Kong police know what the law says, and break it anyway," he said. "They do so without consequence, and yet they suppress any kind of dissenting speech."
Hong Kong passed amendments to its privacy law in 2021 banning "doxxing," or the online disclosure of anyone's personal information, including those of officials suspected of wrongdoing.
According to the city's Personal Data (Privacy) Ordinance, nobody should use personal data "for any new purpose unrelated to the original purpose when the data was collected without first obtaining the data subject’s express and voluntary consent."
A 26-year-old customer service assistant was prosecuted by the privacy commissioner in October 2021 for posting details about his ex-girlfriend online without her consent, an offense that carries a maximum of two years' imprisonment.
And a former immigration clerk pleaded guilty last year to "misconduct in public office" after accessing records pertaining to 215 government officials, judicial officers, police officers and other public figures and their family members without authorization.
She was jailed for three years and nine months, and described by the judge who sentenced her as a kind of "online al-Qaeda."
Translated and edited by Luisetta Mudie.